CVE-2015-6403

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp	Vendor Advisory
http://www.securityfocus.com/bid/78739
http://www.securitytracker.com/id/1034376

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:spa500_firmware:7.5.7:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:spa_500ds:-:::::::*
	cpe:2.3:h:cisco:spa_500s:-:::::::*
	cpe:2.3:h:cisco:spa_501g:-:::::::*
	cpe:2.3:h:cisco:spa_502g:-:::::::*
	cpe:2.3:h:cisco:spa_504g:-:::::::*
	cpe:2.3:h:cisco:spa_508g:-:::::::*
	cpe:2.3:h:cisco:spa_509g:-:::::::*
	cpe:2.3:h:cisco:spa_512g:-:::::::*
	cpe:2.3:h:cisco:spa_514g:-:::::::*
	cpe:2.3:h:cisco:spa_525g2:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:spa300_firmware:7.5.7:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:spa_301:-:::::::*
	cpe:2.3:h:cisco:spa_303:-:::::::*

History

No history.

Information

Published : 2015-12-15 05:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-6403

Mitre link : CVE-2015-6403

CVE.ORG link : CVE-2015-6403

JSON object : View

Products Affected

cisco

spa500_firmware
spa_502g
spa_500ds
spa_501g
spa300_firmware
spa_303
spa_504g
spa_500s
spa_514g
spa_508g
spa_525g2
spa_301
spa_512g
spa_509g

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2015-6403", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-12-15T05:59:04.853", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/78739", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1034376", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400."}, {"lang": "es", "value": "La implementaci\u00f3n TFTP en tel\u00e9fonos Cisco Small Business SPA30x, SPA50x, SPA51x 7.5.7 no valida adecuadamente la integridad del archivo de imagen de firmware, lo que permite a usuarios locales cargar una imagen de un Troyano mediante el aprovechamiento de acceso shell, tambi\u00e9n conocido como Bug ID CSCut67400."}], "lastModified": "2016-12-07T18:20:00.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa500_firmware:7.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2173CEC8-8B88-404C-8526-98CB39F9A954"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_500ds:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "37E3C90F-011D-454C-8E0C-92E72A6EFE1D"}, {"criteria": "cpe:2.3:h:cisco:spa_500s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "90C72E35-F124-4D09-AA68-0678ACBA590D"}, {"criteria": "cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9A258316-4DB6-47AC-90C0-CB9EF777E151"}, {"criteria": "cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D5DF893E-7E9E-419B-8E7C-E846333646BA"}, {"criteria": "cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4F78AAB2-8ECD-4FAA-8A2A-9035F5C59597"}, {"criteria": "cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B26A21E-CD32-4DED-8A31-4CCA1C4DD642"}, {"criteria": "cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A4373DD-753A-46A6-BB96-0488EA52157E"}, {"criteria": "cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CBA0C4D-4BB6-455D-8355-F4FACC5D721C"}, {"criteria": "cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97551DEA-85F9-4A38-A8AC-F477CB7ABC2C"}, {"criteria": "cpe:2.3:h:cisco:spa_525g2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8BD59A7B-751C-487B-957A-90B5BAEAE3BF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa300_firmware:7.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7423475-9BDC-4425-9B88-77F2F539131A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_301:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8CE3C04F-884C-4CD1-8503-DB60CCC1B1F3"}, {"criteria": "cpe:2.3:h:cisco:spa_303:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F04B0F29-5620-4714-A151-7CDA2B9D8F2F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}